Check Point Protects Networks Against Zero-Day Hash Collision DoS Vulnerability
(Microsoft Security Advisory 2659883, CVE-2011-3414)
Summary
Microsoft has released an out-of-band security advisory concerning a zero-day vulnerability in its ASP.NET web application framework. The same vulnerability also exists in most other web application server technologies. Successful exploitation of this vulnerability could result in very high CPU consumption and a subsequent denial of service condition on a targeted web server. The Check Point IPS Software Blade provides immediate protection against this issue.
Details
ASP.NET is a web application framework developed by Microsoft that can be used to build dynamic web sites, web applications, and web services. It is provided as a part of the .NET Framework.
The vulnerability is due to how most web application servers handle "hash table collisions". This flaw can allow an attacker to completely consume the CPU resources of a targeted web server with a single, specially crafted HTTP request.
Affected Products
All versions of the .NET Framework, as well as most other web application languages, are affected. These include PHP5, Oracle's Java, Google's V8, Python, Ruby, Apache Tomcat and Apache Geronimo.
Solution
The Check Point IPS Software Blade provides immediate network protection against this vulnerability by detecting and blocking attempts to exploit it. For more information see CPAI-2011-593.
Originally Published:
Last Updated: 29-Dec-2011